Verficiation before loading page - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20) +--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23) +--- Thread: Verficiation before loading page (/showthread.php?tid=13884) Pages:
1
2
|
Verficiation before loading page - El Forum - 12-10-2008 [eluser]garrettheel[/eluser] Before loading any pages in the admin controller, I want to verify that the user is supposed to have access to the page. Now, rather then use a bunch of if statements in every single admin function, I would rather do something in the constructor and have it apply to all of the functions. Just wondering what the best way to do this would be? E.g Code: function __construct() Would this be the most secure and best way to do it? I don't want there to be any glimpses of the page or anything. Thanks Verficiation before loading page - El Forum - 12-10-2008 [eluser]xwero[/eluser] use a hook Verficiation before loading page - El Forum - 12-10-2008 [eluser]garrettheel[/eluser] Is this the best way? I didn't want to make it too complicated and I only wanted it on certain controllers. And can you give me an example of how to use it? Verficiation before loading page - El Forum - 12-10-2008 [eluser]hugle[/eluser] [quote author="xwero" date="1228924041"]use a hook[/quote] hello xwero. Could you explain a bit, how the hook is used in this situation? Thanks Verficiation before loading page - El Forum - 12-10-2008 [eluser]xwero[/eluser] Code: function access_allowed() Verficiation before loading page - El Forum - 12-10-2008 [eluser]garrettheel[/eluser] Ooh I see what you mean. Just wondering though, does this function have to be in a /hooks folder? And I'm assuming using the redirect here is perfectly secure? Also, I need to have access to one of my models. What should the class be called and should it extend anything? Verficiation before loading page - El Forum - 12-10-2008 [eluser]xwero[/eluser] you can put the function everywhere, see the hooks page on the user guide, but the default directory is hooks. I never knew redirect to be insecure as it's a function where you control all parameters. It's insecure if you don't validate the segments that depend on the user input. Just load your model like i loaded the url helper and create a method for authentication. Verficiation before loading page - El Forum - 12-10-2008 [eluser]garrettheel[/eluser] So it's not working.. it's letting anyone view the page regardless and, when I try to var_dump() anything it doesn't display. hooks/access.php Code: <?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); config/hooks.php Code: $hook['pre_controller'] = array( Verficiation before loading page - El Forum - 12-10-2008 [eluser]xwero[/eluser] It has to be a post_controller_contstuctor hook, i was a bit to fast the first time, i'm sorry. Because then you can access the normal controller methods. Verficiation before loading page - El Forum - 12-10-2008 [eluser]garrettheel[/eluser] Scratch that, didn't have hooks turned on in the config (oops). Now I have a new error, it's to do with the the $CI global you used. Fatal error: Call to a member function helper() on a non-object in /ci/system/application/hooks/access.php on line 8 Line 8 is $CI->load->helper('url'); So I think there's a problem getting the CI object? |